North Korea may have denied being linked to the cyberattack that paralyzed Sony Pictures' internal computer systems, but the isolationist regime is actually happy that the Hollywood studio has been hacked.
In a statement released by the state-owned Korean Central News Agency, an unnamed spokesperson for the Pyongyang government calls the massive hacking a "righteous deed" and suggests that it could have been done by the country's "great number of supporters and sympathizers all over the world."
"We do not know where in America the Sony Pictures is situated and for what wrongdoings it became the target of the attack nor [do] we feel the need to know about it," the spokesperson says.
"But what we clearly know is that the Sony Pictures is the very one which was going to produce a film abetting a terrorist act while hurting the dignity of the supreme leadership of the DPRK (Democratic People's Republic of Korea) by taking advantage of the hostile policy of the U.S. administration towards the DPRK," he adds.
North Korea accuses Sony and the American intelligence agencies probing the hack, including the Federal Bureau of Investigation, of pointing its fingers East to deflect the embarrassment cast upon the studio for being hacked so easily. It also condemns the South Korean government of being a "puppet" of the U.S. and "floating the false rumor that the north was involved in the hacking."
North Korea has been linked by media reports to the destructive hack that shut down Sony's computer systems on Nov. 24. People familiar with the internal investigation have come out to say that Sony and the FBI are looking at the secretive North Korean government as the source of the attack as a retaliation against Sony for 'The Interview,' an upcoming comedy film about the assassination of North Korean supreme leader Kim Jong-Un.
The film, starring actors Seth Rogen and James Franco, is set to debut on Dec. 25. Previously, North Korean representatives have made several complaints about the movie, culminating in a letter sent to the United Nations Secretary-General Ban Ki-Moon, calling it an "undisguised sponsoring of terrorism" and an "act of war."
However, experts are divided as to whether North Korea was involved in the attack. The latest development in the investigation shows that the hackers operated from the public Wi-Fi network of a five-star hotel in Bangkok, Thailand to leak troves of internal documents stolen from Sony during the attack.
A person close to the probe tells Bloomberg that investigators were able to trace the origin of the files to St. Regis, a luxury hotel situated on Rajadmari Road, an upscale area in the Thai capital. The source also says that an IP address used by the malware was traced to a university located in Thailand.
After threatening to release Sony's "secrets" if the company fails to meet their demands, the attackers seemed to follow through with their promise. Just days after the neon red skull rendered Sony employees' computers useless, gigabytes of Sony files containing sensitive information including passwords, private information of 47,000 employees, actors and actresses, and five Sony Pictures films, four of which are unreleased, were posted on file-sharing websites.
Previous reports about North Korea's cyberspying operations say the country has numerous hacking units spread out all over the world because it has a limited Internet infrastructure.
Hewlett-Packard's cybersecurity division issued a report in August saying North Korea has 20 hacking units in its own land, with several others situated in countries including China, Germany, Syria and the United Arab Emirates. The report cited an alleged Korean defector who said the China unit has worked from the Chilbosan Hotel in Shenyang, which is why investigators supposedly are not surprised by the Thailand connection.
Clues also lie in the malware's coding that lead investigators straight to North Korea. In a "flash" warning released by the FBI to U.S. companies about a "destructive malware," the agency was referring to malicious software that was written in Korean. Although the FBI did not explicitly name the malware as the one which infiltrated Sony's system, persons who have seen the report say it was very similar to the malware used in the Sony hack, Reuters says.
It also reportedly bears close resemblance to the malware used in the Dark Seoul campaign in 2013, which is widely attributed to a North Korean-backed hacker group. Symantec security researchers say both malware use similar "wiper" programs that destroy files and initiate the same DDoS (distributed denial of service) attacks to flood websites with fake traffic and crash servers.
"This is the same group that was working in Korea a year ago," Liam O'Murchu, security researcher at Symantec, says. "There are so many similarities - this must be the same people."
A group of hacktivists calling themselves GOP, which stands for Guardians of Peace, has claimed responsibility for the attack, saying that it was not made because of the assassination film but as a form of protest to call for "equality." The hackers deny any association with North Korea, instead calling themselves an international group composed of "famous figures in the politics and society" of several nations, including the U.S., U.K. and France.
John Hultquist, senior manager of cyber-espionage threat intelligence at iSight Partners thinks GOP could be posing as a hacktivist group to hide North Korea's link, a technique that has become very common in state-backed cyberattacks, he says.
"Given the lack of a background behind the hacktivist organization claiming responsibility, I think we're looking at North Korea sponsoring it or someone sympathetic to North Korea sponsoring it," says Hultquist.
Joseph DeTrani, a former U.S. intelligence officer who was a special envoy to North Korea, thinks there is reason to believe the state's denial. DeTrani says Pyongyang has a long history of being truthful when it comes to its involvements in attacks. Still, he acknowledges the possibility that under Kim Jong-Un, who has been in power for only three years, North Korea may have shifted its policy.